Wednesday, April 3, 2024
Mod Security Rocky Linux

How to Install ModSecurity with Nginx on Rocky Linux 8


Introduction

ModSecurity is a popular, free, open-source web application firewall used to protect web applications from several types of attacks, including SQL injection, cross-site scripting, and local file inclusion. It is often used to protect websites, cPanel, and other hosting control panels. Although ModSecurity was designed primarily for the Apache web server, it can also work with the Nginx web server.

Requirements

Installing ModSecurity with Nginx on Rocky Linux 8

dnf update -y
dnf install -y gcc-c++ flex bison yajl curl-devel curl zlib-devel pcre-devel autoconf automake git make libxml2-devel pkgconfig libtool httpd-devel redhat-rpm-config wget openssl openssl-devel vim
dnf --enablerepo=powertools install doxygen yajl-devel -y
dnf install epel-release https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
dnf --enablerepo=remi install GeoIP-devel -y
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity

- Change directory

cd ModSecurity
git submodule init
git submodule update

- compile

./build.sh
./configure
make
make install

  • Install nginx

cd ../
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git

wget http://nginx.org/download/nginx-1.19.10.tar.gz
tar xzf nginx-1.19.10.tar.gz
useradd -r -M -s /sbin/nologin -d /usr/local/nginx nginx

- change directory

cd nginx-1.19.10
./configure --user=nginx --group=nginx --with-pcre-jit --with-debug --with-http_ssl_module --with-http_realip_module --add-module=/root/ModSecurity-nginx

- install

make
make install

- copy config

cp /root/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp /root/ModSecurity/unicode.mapping /usr/local/nginx/conf/

- backup nginx config

cp /usr/local/nginx/conf/nginx.conf{,.bak}

- edit nginx config

nano /usr/local/nginx/conf/nginx.conf

user  nginx;
worker_processes  1;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  nginx.example.com;
        modsecurity  on;
        modsecurity_rules_file  /usr/local/nginx/conf/modsecurity.conf;
        access_log  /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

- Create the log directory

mkdir /var/log/nginx

  • Create the systemd service

nano /etc/systemd/system/nginx.service

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target

- create symlink

ln -s /usr/local/nginx/sbin/nginx /usr/sbin/

- start service

systemctl daemon-reload
systemctl enable --now nginx
systemctl status nginx
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /usr/local/nginx/conf/modsecurity.conf

sed -i 's#/var/log/modsec_audit.log#/var/log/nginx/modsec_audit.log#' /usr/local/nginx/conf/modsecurity.conf

  • Install the OWASP ModSecurity Core Rule Set (CRS)

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/local/nginx/conf/owasp-crs

cp /usr/local/nginx/conf/owasp-crs/crs-setup.conf{.example,}

echo -e "Include owasp-crs/crs-setup.conf\nInclude owasp-crs/rules/*.conf" >> /usr/local/nginx/conf/modsecurity.conf

systemctl restart nginx

  • Test Mod Sec

curl 'localhost/index.html?exec=/bin/bash'

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.19.10</center>
</body>
</html>

tail -100 /var/log/nginx/modsec_audit.log
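
A post-install check for the settings the steps above change, added here as an example and not part of the original post: it reads modsecurity.conf and reports if SecRuleEngine is not On, if the SecAuditLog directory is missing, or if the CRS Include lines are absent, duplicated or in the wrong order. The function names are made up for this example; the default path is the one used in this guide.

```shell
#!/bin/sh
# Added example (not from the original post): verify the ModSecurity settings
# that the sed and echo steps in this guide are expected to leave behind.

# Effective value of a one-argument directive: last uncommented occurrence.
modsec_directive() {  # usage: modsec_directive FILE NAME
    awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# Line numbers of uncommented Include lines whose path matches an ERE.
include_lines() {  # usage: include_lines FILE REGEX
    awk -v re="$2" '$1 == "Include" && $2 ~ re { print NR }' "$1"
}

check_modsec_conf() {  # default path is the one used in the guide
    conf=${1:-/usr/local/nginx/conf/modsecurity.conf}
    rc=0
    engine=$(modsec_directive "$conf" SecRuleEngine)
    if [ "$engine" != "On" ]; then
        echo "FAIL: SecRuleEngine is '${engine:-unset}', nothing is blocked"
        rc=1
    fi
    audit=$(modsec_directive "$conf" SecAuditLog)
    if [ -z "$audit" ] || [ ! -d "$(dirname "$audit")" ]; then
        echo "FAIL: SecAuditLog '${audit:-unset}' has no existing directory"
        rc=1
    fi
    setup=$(include_lines "$conf" 'crs-setup[.]conf$' | head -n 1)
    rules=$(include_lines "$conf" 'rules/[*][.]conf$')
    if [ -z "$setup" ] || [ -z "$rules" ]; then
        echo "FAIL: CRS Include lines are missing"
        rc=1
    elif [ "$(printf '%s\n' "$rules" | awk 'END { print NR }')" -gt 1 ]; then
        echo "FAIL: rules/*.conf is included more than once"
        rc=1
    elif [ "$setup" -gt "$rules" ]; then
        echo "FAIL: crs-setup.conf must be included before rules/*.conf"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Check the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then check_modsec_conf "$1"; fi
```

Run it against /usr/local/nginx/conf/modsecurity.conf before the final restart; a FAIL on SecRuleEngine explains a curl test that returns 200 instead of 403.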

Conclusion

Friends of the Learning & Doing blog, that concludes the explanation of installing PhpMyAdmin on Arch Linux. I hope it is useful. See you again in the next post.
